Installing Trieve on Azure (AKS)

Things you need:

  • Domain name
  • helm cli
  • azure cli
  • kubectl
  • k9s (optional)

Clone the Trieve repository

git clone https://github.com/devflowinc/trieve.git
cd trieve

Login to Azure

az login --use-device-code

Provision Terraform

Azure should be configured with your IAM credentails chosen. Run the following commands to create the AKS cluster

cd terraform/azure
terraform init
terraform apply

Login to the cluster

az aks get-credentials --resource-group trieve --name trieve

Install Trieve Depenedencies

Trieve depends on the following:

  • Keycloak (or some other oidc compliant Auth Provider)
  • Postgres We are using the CloudNativePG operator.
  • Redis We are using the bitnami redis helm chart.
  • Clickhouse We are using clickhouse-operator.
  • Qdrant We are using qdrant-helm chart.

Ingress nginx + Cert Manager (optional)

Ingress-nginx + Cert manager is how we will expose the trieve services to the internet. Feel free to use whatever ingress controller you are comfortable with.


# To install ingress-nginx
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0-beta.0/deploy/static/provider/cloud/deploy.yaml
# To install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml
# To install ClusterIssuer for keycloak
kubectl apply -f helm/test-production/keycloak-extras/cluster-issuer.yaml

Clickhouse

First install the clickhouse operator and clickhouse installation.

Note that this has a preconfigured password and user. We will use these in the helm chart. They will need to be changed in a production environment according to your password policy.


kubectl apply -f helm/test-production/clickhouse/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/clickhouse/

Check the status of the clickhouse installation.

kubectl get ClickhouseInstallations

When the above command returns the following, clickhosue is installed.

NAME                CLUSTERS   HOSTS   STATUS      HOSTS-COMPLETED   AGE
trieve-clickhouse   1          1       Completed                     3m3s

OIDC Compliant server (Keycloak)

This is an example of installing keycloak on Azure. You can use any other OIDC compliant provider.

This is using postgresql as a statefulset with a prefilled username/password, you can use a managed service like RDS or CloudNativePG. For higher security.

This also includes a KeycloakRealm that contains the recommended default settings for a keycloak realm. This also has a prefilled clientSecret which should be rotated post installation.

kubectl apply -f helm/test-production/keycloak/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/keycloak/

To verify Keycloak has started run

kubectl get sts trieve-keycloak

Install the Keycloak Ingress and set your A record

  1. Edit helm/test-production/keycloak-extras/keycloak-ingress.yaml and replace yourdomain.com with your domain name.

  2. Apply the ingress


kubectl apply -f helm/test-production/keycloak-extras/keycloak-ingress.yaml



kubectl get ingress ingress-keycloak

You will get an output like this:

NAME               CLASS   HOSTS                 ADDRESS        PORTS     AGE
ingress-keycloak   nginx   auth.yourdomain.com   4.157.193.10   80, 443   2m10s

Add an A record to your domain registrar with the IP address of the ingress.

auth.yourdomain.com -> 4.157.193.10 # Example IP

Configure Keycloak authorized redirect URIs

  1. Access the Keycloak admin console at https://auth.YOUR-DOMAIN.COM/admin/master/console/#/trieve/clients/list
  2. Login with the default credentials: Username: admin Password: password
  3. Select the “trieve” client and add the following configurations:

Valid redirect and Valid post logout redirect URIs:

https://api.YOUR-DOMAIN.COM/*
https://dashboard.YOUR-DOMAIN.COM/*
https://chat.YOUR-DOMAIN.COM/*
https://search.YOUR-DOMAIN.COM/*
  1. Save the changes

Qdrant helm chart

For Qdrant we recommend you install it via helm chart, with these values.yaml. Note that this is for a qdrant cluster with 3 nodes and 10 GB ram per node.

Each node also has qdrant-node taint on it, so that the trieve pods can be scheduled on the same nodes types

Note that apiKey is also preset to qdrant-api-key, this may need to be changed if you plan on enabling qdrant ingress.

helm repo add qdrant https://qdrant.github.io/qdrant-helm
helm repo update
helm upgrade -i qdrant qdrant/qdrant -f helm/test-production/qdrant-values.yaml

Verify Qdrant is installed

kubectl get sts qdrant

NAME     READY   AGE
qdrant   3/3     54s

Postgresql (via CloudNativePG)

Insstall the postgresql operator and postgresql installation.

kubectl apply --server-side -f helm/test-production/cnpg/operator.yaml
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/cnpg/postgresql-instance.yaml

Verify the postgresql installation via.

# To verify the operator is installed
kubectl get deployment -n cnpg-system cnpg-controller-manager
# To verify the postgresql cluster is installed
kubectl get pods -l cnpg.io/cluster=postgresql-cluster

Redis helm chart

For simplicity, we are using the bitnami redis helm chart. You can use the azure redis cache service if you prefer.

helm upgrade -i redis oci://registry-1.docker.io/bitnamicharts/redis -f helm/test-production/redis-values.yaml

Install Trieve

Modify domain names

If you followed the steps above, values.az.yaml should be mostly preconfigured for you. The only thing needed to modify are the domain names. Replace every instance of yourdomain.com with your domain name.

We highlight the locations where you need to replace yourdomain.com with your domain name below.

values.az.yaml
domains:
  dashboard:
    host: dashboard.yourdomain.com
    class: nginx
  server:
    host: api.yourdomain.com
    class: nginx
  search:
    host: search.yourdomain.com
    class: nginx
  chat:
    host: chat.yourdomain.com
    class: nginx
...
config:
...
  vite:
    apiHost: https://api.yourdomain.com/api
    searchUiUrl: https://search.yourdomain.com
    chatUiUrl: https://chat.yourdomain.com
    dashboardUrl: https://dashboard.yourdomain.com
...
  trieve:
	baseServerUrl: "https://api.yourdomain.com"
  oidc:
    issuerUrl: "https://auth.yourdomain.com/realms/trieve"
    authRedirectUrl: "https://auth.yourdomain.com/realms/trieve/protocol/openid-connect/auth"

Install the helm chart

helm upgrade -i trieve-az \
  helm/ \
  -f helm/values.az.yaml

Verify the installation

After installing, kubectl get deployments should look like this.

NAME                READY   UP-TO-DATE   AVAILABLE   AGE
bktree-worker       1/1     1            1           14m
chat                1/1     1            1           14m
crawl-worker        1/1     1            1           14m
dashboard           1/1     1            1           14m
delete-worker       1/1     1            1           14m
group-worker        1/1     1            1           14m
ingest              10/10   10           10          14m
keycloak-operator   1/1     1            1           46m
redis               1/1     1            1           46m
search              1/1     1            1           14m
server              3/3     1            0           14m
sync-qdrant         0/0     0            0           14m
word-worker         1/1     1            1           14m

Set Ingress

Get Ingress ip address


kubectl get ingress

You will get an output like this:

ingress-chat                nginx    chat.yourdomain.com        4.157.193.10   80, 443   7m43s
ingress-dashboard           nginx    dashboard.yourdomain.com   4.157.193.10   80, 443   7m43s
ingress-keycloak            nginx    auth.yourdomain.com        4.157.193.10   80, 443   20m
ingress-search              nginx    search.yourdomain.com      4.157.193.10   80, 443   7m43s
ingress-server              nginx    api.yourdomain.com         4.157.193.10   80, 443   7m43s

Add A records

Add A records to your domain registrar with the IP address of the ingress.

chat.yourdomain.com      -> 4.157.193.10 # Example IP
dashboard.yourdomain.com -> 4.157.193.10 # Example IP
search.yourdomain.com    -> 4.157.193.10 # Example IP
api.yourdomain.com       -> 4.157.193.10 # Example IP

You will also need to update any other references to that domain name in the helm/values.az.yaml file.

Ensure you run helm upgrade -i -f helm/values.az.yaml trieve-az helm/ after making changes. to apply them.

GCP Self HostingUploading Chunks to Trieve